[57] ABSTRACT

A security code system for controlling access to computer and
computer-controlled entry situations comprises a plurality of
subsets of alpha-numeric characters disposed in random order in
matrices of at least two dimensions forming theoretical
rectangles, cubes, etc., such that when access is desired, at
least one pair of previously unused character subsets not found
in the same row or column of the matrix is chosen at random and
transmitted by the computer. The proper response to gain access
is transmittal of subsets which complete the rectangle, and/or a
parallelepiped whose opposite corners were defined by first
groups of code. Once used, subsets are not used again to
absolutely defeat unauthorized access by eavesdropping, and the
like.

20 Claims, 3 Drawing Sheets 
COMPUTER ACCESS SECURITY CODE SYSTEM

ORIGIN OF THE INVENTION

The invention described herein was made in the performance of
work under a NASA contract, and is subject to the provisions of
Public Law 96-517 (35 USC 202) in which the Contractor has
elected not to retain title.

TECHNICAL FIELD 

The invention relates to computer controlled security access
systems employing passwords to gain access and, more
particularly, to a security access control system comprising,
controlling computer means for controlling access to an object;
remote station means operably connected to the controlling
computer means for inputting access information to the
controlling computer means; a pair of matching first matrices of
passwords located at the controlling computer means and the
remote station means, respectively, each first matrix of
passwords comprising a plurality of individually unique symbols
arranged in rows and columns to define a first virtual plane;
and, access logic means located at the controlling computer
means and operably connected to read from and write to its
associated first matrix of passwords, for transmitting a first
pair of passwords from its first matrix to the remote station
means when the remote station means attempts to gain access, the
first pair of the passwords being chosen from different columns
and rows whereby they define diagonally opposite corners of a
rectangle in the first virtual plane, for receiving a first pair
of passwords transmitted from the remote station means as
obtained from the remote station means’ first matrix, for
comparing the first pair of passwords transmitted from the
remote station means to the passwords located in the controlling
computer means’ first matrix at corners of the rectangle other
than those defined by the transmitted first pair of passwords,
for granting access if the compared passwords are a match, and
for denying access if the compared passwords are not a match.

In the preferred embodiment, the access logic means additionally
includes means for marking ones of the passwords within the
associated first matrix employed for any purpose as “used” and
means for not choosing a password marked as used for
transmission to the remote station means. The preferred
embodiment additionally comprises, a pair of matching second
matrices of passwords located at the controlling computer means
and the remote station means, respectively, each second matrix
of passwords comprising a plurality of individually unique
symbols arranged in rows and columns to define a second virtual
plane. Additionally, the access logic means includes, secondary
checking means disposed before the means for granting access if
the compared passwords are a match, for transmitting a second
pair of passwords from its second matrix to the remote station
means, the second pair of passwords being chosen from different
columns and rows whereby they define diagonally opposite corners
of a rectangle in the second virtual plane which is located in a
plane of a parallelepiped containing the compared and matched
passwords at diagonal corners of one side thereof, for receiving
a second pair of passwords transmitted from the remote station
means as obtained from the remote station means’ second matrix,
for comparing the second pair of passwords transmitted from the
remote station means to the passwords located in the controlling
computer means’ second matrix at corners of the rectangle other
than those defined by the transmitted second pair of passwords,
for granting access if the compared second passwords are a
match, and for denying access if the compared second passwords
are not a match.
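
The two-dimensional exchange described above (a challenge pair taken from different rows and columns, the completing pair as the reply, every code marked "used" once employed), as an added Python example that is not code from the patent. The names CodeBook, AccessLogic, make_matrix and run_sessions, the three-character codes, accepting the reply pair in either order, and requiring all four corners to be unused before a challenge is issued are assumptions of this example.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits


def make_matrix(rows, cols, code_len=3):
    """Build a rows x cols matrix of unique random codes (constructed sample data)."""
    codes = set()
    while len(codes) < rows * cols:
        codes.add("".join(secrets.choice(ALPHABET) for _ in range(code_len)))
    codes = list(codes)
    secrets.SystemRandom().shuffle(codes)   # random placement within the matrix
    return [codes[r * cols:(r + 1) * cols] for r in range(rows)]


class CodeBook:
    """One party's copy of the shared matrix, with per-code 'used' flags."""

    def __init__(self, grid):
        self.grid = [list(row) for row in grid]
        self.pos = {code: (r, c)
                    for r, row in enumerate(self.grid)
                    for c, code in enumerate(row)}
        if len(self.pos) != sum(len(row) for row in self.grid):
            raise ValueError("codes must be individually unique")
        self.used = set()

    def completing_pair(self, a, b):
        """Codes at the other two corners of the rectangle whose diagonal is (a, b)."""
        if a not in self.pos or b not in self.pos:
            return None
        (r1, c1), (r2, c2) = self.pos[a], self.pos[b]
        if r1 == r2 or c1 == c2:            # same row or column: no rectangle
            return None
        return self.grid[r1][c2], self.grid[r2][c1]


class AccessLogic:
    """Controlling-computer side: issue a challenge, check the reply, never reuse a code."""

    def __init__(self, grid):
        self.book = CodeBook(grid)
        self.pending = None

    def challenge(self):
        """Pick a random diagonal whose four corners are all unused; None when exhausted."""
        book = self.book
        free = [code for code in book.pos if code not in book.used]
        candidates = []
        for i, a in enumerate(free):
            for b in free[i + 1:]:
                rest = book.completing_pair(a, b)
                if rest and not (set(rest) & book.used):
                    candidates.append((a, b))
        if not candidates:
            self.pending = None
            return None
        pair = secrets.choice(candidates)
        book.used.update(pair)              # marked "used" as soon as it is transmitted
        self.pending = pair
        return pair

    def verify(self, response):
        """Grant only if the reply is the completing pair; one attempt per challenge."""
        pending, self.pending = self.pending, None   # a wrong answer ends the attempt
        if pending is None or response is None or len(response) != 2:
            return False
        expected = self.book.completing_pair(*pending)
        if set(response) != set(expected):
            return False
        self.book.used.update(expected)     # the completing pair is now "used" too
        return True


def run_sessions(rows, cols):
    """Count the successful log-ons one code book supports before no rectangle is left."""
    grid = make_matrix(rows, cols)
    server, station = AccessLogic(grid), CodeBook(grid)
    count = 0
    while (ch := server.challenge()) is not None:
        if not server.verify(station.completing_pair(*ch)):
            raise RuntimeError("matching code books must always agree")
        count += 1
    return count
```

run_sessions(4, 4) returns between 2 and 4, since each log-on consumes four of the sixteen codes; a reply recorded from an earlier log-on is refused because none of its codes can appear in a later rectangle.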

BACKGROUND ART 

In the field of computers, security is a major area of 
concern in many applications. Horror stories abound of 
so-called “hackers” gaining unauthorized access to vari- 
ous computer systems. The problem exists for both 
commercial and military systems. Unauthorized access 
to a computer system can give the accessing party the 
ability to mis-transfer funds, modify records, and see 
materials of a classified nature, just to name a few 
things. 

In the March 1986 issue of Network Security in an 
article entitled “An Overview of Handheld Password 
Generators”, the statement is made that, 

“The most pervasive element of computer security is 
the password or Personal Identification Number 
(PIN). It has long been viewed as one of the weakest 
links in maintaining system integrity. As the best 
available alternative, thousands of organizations have 
adopted traditional password schemes knowing full 
well that the weaknesses represent a major vulnera- 
bility to their system security. 

In the early 1980s scores of engineers and entrepre- 
neurs focused on techniques to identify people based 
on physical or behavioral characteristics. In addition, 
a few companies designed a new class of products 
called handheld password generators.” (Emphasis 
added) 

The article then goes on to describe various forms of 
these handheld password generators as are presently 
being made commercially available by various compa- 
nies. 

One of the big problems with traditional password schemes is
that they typically use a single password comprised of a
sequence of alpha-numeric characters to gain access to the
system as depicted in FIG. 1. The access-controlling computer 10
contains a pre-defined password 12. When a user at a remote
station 14 tries to gain access, the computer 10 has typically
sent the message “INPUT PASSWORD:” and is waiting for the user
to input the password through the keyboard 16. If the proper
password is input (i.e. it compares to the password 12) access
is granted. If not, the computer 10 loops back to the point in
its logic where the “INPUT PASSWORD:” message is output. The
stored password 12 may be changed periodically; but, a given
password is typically in place for a substantial period of time.
Moreover, the access programming sequence is typically a simple
loop that asks for the password and returns to the beginning of
the loop if the improper password is entered, repeating the
process over and over again until the proper password is
provided or until the person trying to gain access gives up.
Thus, anyone trying to gain unauthorized access has unlimited
opportunity to try various passwords. In such an environment, a
typical approach is to tie the input sequence to a computer
generating various passwords. The computer employs a pseudo
random password generator to input to the password checking loop
until the proper password is stumbled upon. For a human
operator, such an approach would be virtually unthinkable. For a
computer, it is everyday business as usual. The same approach is
used to find the telephone number for remote access to computer
systems. The hacker simply sets up the computer to sequentially
try telephone numbers and note those for which a computer modem
carrier signal is returned. The hacker can then try those
numbers at a later time to determine ones of possible interest
for which unauthorized access will be tried. Such clandestine
attempts at gaining entry or system information are typically
tried at night when there is no one in the area of the computer
and hundreds of thousands of combinations can be tried without
alerting operating personnel.

Another limiting factor of typical password schemes is the
vulnerability of the password to detection. In many cases, an
unsophisticated user who has difficulty remembering the password
simply writes it down somewhere in the area — often on the bezel
area of the terminal display or keyboard. Unthinkable as it
seems, there are people who write their PIN number on their
credit cards and ATM bank cards because they cannot remember
them. In the alternative, when users have the opportunity to
choose the password or their PIN number, they often choose
something that they have memorized or that is already written
down. Telephone numbers, driver’s license numbers, social
security numbers, birth dates, and the like, are typical
candidates. Thieves and unauthorized computer accessors know
this and try those alpha-numeric sequences first.

Passwords can also be obtained in other ways. When a user enters
his or her password, they seldom check to see if someone is
looking over their shoulder and watching the sequence as
entered. A high power telescope can be used to watch through a
window from a considerable distance and allow the password to be
seen as it is entered. Where the password is entered from a
remote terminal over a telephone line or local area network
(LAN) by means of a modem, the password can be detected
electronically as it passes along the telephone line or LAN. Of
course, the more important the access is to the system, the more
sophisticated the equipment that can be brought to bear on
finding out the password. In cases of espionage and national
security, the world of James Bond and “007” is a reality that
can be made readily available to operatives. The handheld
password generators of the above-described article are intended
to help break the pattern of password detection by, for example,
inputting the password directly to the computer through an
optical interface which generates no detectable radio frequency
emissions and whose input sequence cannot be seen easily when
the device is used.

While entry to the computer itself is the most obvious 
area of need, computer-controlled access environments 
where a computer controls the opening of doors, vaults, 
etc., have a similar need.

Since the password is still the “best available alterna- 
tive” as quoted above, what is needed is a system for 
password verification which is adaptable to user log-on 
from a distance over telephone lines or a LAN as well 
as locally, in which there is a bi-directional interchange
between the computer and the user which is unbreak- 
able even if some or all of the information of one or 
more log-ons is obtained by unauthorized parties. 

STATEMENT OF THE INVENTION

Accordingly, it is an object of this invention to pro- 
vide a unique system for password verification in com- 
puter and other entry situations which is adaptable to 
use from a distance over telephone lines or a LAN as 
well as locally, in which there is a bi-directional inter- 
change between a controlling computer and the user 
which is unbreakable even if some or all of the informa- 
tion of one or more prior entries is obtained by unautho- 
rized parties. 

It is another object of this invention to provide a 
unique system for password verification in computer 
and other entry situations which is adaptable to use 
from a distance over telephone lines or a LAN as well 
as locally in which the controlling computer breaks 
contact with the user on any instance where the inabil- 
ity to continue with a proper sequence indicates possi- 
ble attempted access by an unauthorized party. 

Other objects and benefits of the present invention 
will become apparent from the description which fol- 
lows hereinafter when taken in conjunction with the 
drawing figures which accompany it. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a simplified drawing depicting a prior art 
approach to using passwords to gain access to a com- 
puter controlled environment wherein the user inputs a 
password to the controlling computer through a key- 
board and the controlling computer compares the pass- 
word as input to a pre-stored password. 

FIG. 2 is a simplified drawing of a computer con- 
trolled access system according to one possible embodi- 
ment of the present invention. 

FIG. 3 is a flowchart showing one possible logic 
pattern to be employed in a computer controlled secu- 
rity access system according to the present invention. 

FIG. 4 is a simplified two-dimensional matrix of pass- 
words of the type that could be employed in the present 
invention. 

FIG. 5 is the matrix of FIG. 4 with the rectangle 
containing the four passwords employed in a typical 
access as described by way of example shown by shad- 
ing. 

FIG. 6 is a simplified three-dimensional matrix of 
passwords of the type that could be employed in the 
present invention shown as a cube for ease of under- 
standing. 

FIG. 7 is the matrix of FIG. 6 with the rectangle 
containing four passwords employed in a typical access 
as described by way of example shown by shading. 

FIG. 8 is the matrix of FIGS. 6 and 7 in ghosted form 
to show otherwise unseen passwords employed in the 
example. 

DETAILED DESCRIPTION OF THE 
INVENTION 

While the description which follows focuses on pass- 
words as an entry to a computer system itself, as men- 
tioned above and as will be readily appreciated by those 
skilled in the art, the techniques to be described herein- 
after would be equally applicable to any entry situation 
in which a computer is controlling access through the 
entry of a password. Such related uses are, therefore, to 
be considered within the scope and spirit of the present 
invention in determining the breadth of the claims 
which follow. 

The solution implemented by the present invention is to employ a
sequence of code symbols that are changed at every access
attempt, to defeat eavesdropping, and to arrange the pattern of
symbols such that a selection of code challenges must be
answered exactly and immediately by a password which bears an
artificial relationship with the challenge, derived from
placement within matrices of at least two, and preferably more,
dimensions. It should be noted that the use of matrices for the
storage of access codes is not new and such, per se, is not
considered to be a point of novelty of the present invention. In
the prior art use of matrices for such applications, however,
the matrix is merely employed in the manner of a table such that
different passwords can be picked up from different locations
according to a pre-established plan (e.g. pseudo randomly). In
the alternative, a changing code sequence, when employed, is
more typically calculated in each instance by employing a pseudo
random code generation algorithm. In the present invention, it
is the manner in which the data is retrieved from the matrix or
matrices for use which imparts the novelty.

A system implementing the present invention is shown in
simplified form in FIG. 2. To implement the present invention,
the computer 10 being accessed (i.e. the controlling computer)
and the user at the remote station 14 from which access is
attempted must be in possession of identical
randomly-distributed code groups which are arranged in password
matrices 18 of, preferably, three dimensions, or higher. In this
regard, it should be noted that the term “remote station” can
refer to a truly remote site located at some distance from the
computer 10 or, in the alternative, a local input device
(keyboard, handheld code generator, etc.) inputting directly to
the computer 10. From these matrices, a pair of code groups may
be chosen as part of a challenge sequence. These code groups
must not lie in identical rows, columns, etc. Thus, they can be
considered, by definition, to lie at diagonally opposite corners
of a virtual rectangular solid within the overall cubical
matrix. The proper password response completes the definition of
the corners of the rectangular solid. This approach can be
implemented to several levels of sign and countersign as will be
described hereinafter. As depicted in FIG. 2, the passwords
matrix 18 in the computer 10 is accessed bi-directionally by the
access logic 20 to be described hereinafter. The passwords
matrix 18' at the remote station 14 may be in the form of an
external source (book, floppy disk, magnetic tape, etc.) which
is consulted manually by the user or, alternatively, may be
incorporated into a remote access device, such as the handheld
password generators mentioned above. In either case, it is
preferred that the passwords matrices 18, 18' be implemented in
the form of easily replaceable devices (books, smart cards,
floppy disks, magnetic tapes, etc.) so that they can be changed
frequently for reasons which will become apparent shortly. In
any event, at the remote station 14 the proper contents from the
passwords matrix 18' as retrieved in the manner to be described
is either input through the keyboard 16 by the user or sent
directly to the computer 10 in the case of a password generator
type of device.

The operation of the present invention and one form of
associated logic for the access logic 20 is depicted in FIGS.
3-5. The logic flow diagram appears in FIG. 3 while FIG. 4
depicts a simplified, two-dimensional version of a passwords
matrix 18, 18' for purposes of the example. Alpha-numeric
character groups, i.e. code sequence subsets 22, are disposed
randomly within the matrix, as shown. In this regard, the
matrices can be constructed conveniently employing a random code
generation algorithm according to techniques well known in the
art which form no part of the present invention per se. When the
access-controlling computer 10 is queried by the remote station
14 during access, it sends out a pair of code subsets 22 not in
the same row or column of the matrices 18, 18', which thus
define opposite corners of a rectangle (or square). This
constitutes the “challenge”, in military parlance, which must be
properly answered by the password, i.e., that pair of code
subsets 22 which define the remaining corners of the rectangle.
For example, as depicted by the shaded “rectangle” of FIG. 5, if
the challenge code sequence is 20, 17, the proper response would
be 23, 30 employing the matrix configuration of FIG. 4.

As illustrated in FIG. 3, in accomplishing the foregoing, the
access logic 20 first finds an unused password pair (e.g. the
20, 17 pair of the example above) in its associated matrix 18.
The pair is marked as “used” within the matrix 18 and
transmitted to the remote station 14. Note that once a pair is
selected and used for any purpose, it is considered as “used”
and never used again. It is this approach which absolutely
defeats the “eavesdropper” who learns a password by any means.
It is also the reason why it is preferred that the matrices 18,
18' be on an easily replaceable medium. Unless the matrix size
is exceptionally large, frequent access will consume the
available (non-used) pairs of code sequence subsets 22 quite
rapidly. Once the logic 20 has transmitted the password pair to
the remote station 14, it waits for a response. Preferably,
although not shown in the logic flow, the access sequence should
be abandoned after a given length of time rather than leaving
the system in an open and waiting state for an unlimited amount
of time. This could be accomplished by timing techniques well
known to those skilled in the art and by then branching to the
“deny access” path of the logic if the time limit for input is
exceeded. Once a response is received, the logic 20 checks for a
match with the password pair which will complete the rectangle
(i.e. 23, 30 in the above-described example). If there is a
match, access is granted and the completing password pair is
marked as “used” in the matrix 18. If the response is a
non-match to the proper response, access is denied and the
connection to the remote station 14 is broken. While an
immediate breaking of the connection is preferred for maximum
security purposes, one could repeatedly loop back to the
beginning as in the prior art or maintain a counter of tries and
break the connection after “n” unsuccessful attempts, if
desired.

FIG. 6 illustrates a small, three-dimensional matrix 18, 18',
arranged as a cube for easy visualization and illustration. In
the preferred implementation, the actual “cube” would be a group
of six matrices, associated by axes — one for each face of the
cube. With three dimensions, the access procedure can follow the
military password system of challenge, sign and countersign.
This is an alternate approach to the prior example where the
password pair interchange was initiated by the computer 10. In
this approach, it is the remote station 14 which initiates the
first password pair. When the remote station 14 attempts access,
it sends out two code sequence subsets 22 on the same face
(matrix) of the cube, but not in the same row or column as in
the case of the prior, two-dimensional example. For example,
assume
the caller transmits 5KZ, ERC as depicted by the shaded
rectangle of FIG. 7. These would be chosen at random by the
caller, and, of course, should be chosen from those code
sequence subsets 22 not previously used. The receiver (i.e.
computer 10) completes the rectangle, in this example by sending
back TBT, 6BB as should be apparent from FIG. 7 as being the
opposite corners of the rectangle. This identifies the station
reached, so the caller (i.e. remote station 14) knows he has
reached the desired destination to which access is desired. In
addition to completing the first rectangle as an
acknowledgement, the receiver sends out two more code sequence
subsets 22 which are chosen to define the corners of a
parallelepiped based on the rectangle just established. In the
example of FIGS. 6-8, F12, QQ8. The latter code subset 22 is not
visible in FIGS. 6 and 7; but, can be seen with reference to the
ghosted drawing of FIG. 8. To complete the access sequence
successfully, the user at the remote station 14 must respond
with the last two corners, or 111, 110. Once this entire
particular sequence has been used, it cannot be used again as
all the code subsets 22 employed therein are marked as “used” in
the process. As mentioned earlier, it is this approach that
absolutely defeats any later access due to eavesdropping; that
is, even if the password sequence in any particular instance is
learned, an attempt to reuse it will end in failure as the
system never uses the same sequence twice. If a hacker attempts
to respond with a sequence of randomly-generated code sequences,
this can be defeated by cutting off the connection at the first,
or second, or even third wrong response, as mentioned earlier.
If the hacker attempts reconnection, the challenge will be
different each time; thus, chances of randomly-generated
responses being correct are minuscule at best (in actuality
being virtually nonexistent), especially when a second response
is required as in the second example above. It is preferred that
the basic floppy disk, etc., “code book” defining the matrices
18, 18' be changed often, to prevent loss of too many choices,
and to improve security. For a higher level of security, high
dimensional matrices may be used, in the same manner that cubes
are compounded into hypercubes in modern concurrent processing.
Note that in instances where the remote station 14 is initiating
a transmission of code subset pairs, it is preferred that the
contents of the remote station’s matrix 18' be flagged as “used”
when used to prevent erroneous transmissions. When only the
computer 10 initiates transmission sequences, it is, of course,
unnecessary to flag the remote station’s matrix 18'.

It should also be appreciated by those skilled in the art that a
multidimensional sequence initiated by the computer 10 could be
employed whereby the remote station would have to provide the
proper response pair twice (or even more if maximum security was
desired). In such case, the computer 10 would, in each instance,
send a pair of code subsets 22 representing diagonally opposite
corners of a rectangle located in the virtual plane of one of
its matrices 18. The remote station 14 would have to respond
with the proper other two corner code subsets 22 in order for
the access sequence to continue. At each successful stage, the
computer 10 would choose and transmit another pair of code
subsets 22 representing diagonally opposite corners of a
rectangle located in a next virtual plane associated with
another of its matrices 18 as determined by its association with
a parallelepiped including the previous rectangle. In this way,
the computer 10 could move from matrix to matrix through
multiple dimensions until access was granted or denied.

I claim:

1. In a security access control system wherein a user at a
remote station requires approval from a controlling computer to
gain access, the improvement comprising:

(a) a pair of matching first matrices of passwords located at
the controlling computer and the remote station, respectively,
each said first matrix of passwords comprising a plurality of
individually unique symbols arranged in rows and columns to
define a first virtual plane; and,

(b) access logic means located at the controlling computer and
operably connected to read from and write to its associated said
first matrix of passwords,

(b1) for transmitting a first pair of said passwords from its
said first matrix to the remote station when the remote station
attempts to gain access, said first pair of said passwords being
chosen from different said columns and rows whereby they define
diagonally opposite corners of a rectangle in said first virtual
plane,

(b2) for receiving a first pair of said passwords transmitted
from the remote station as obtained from the remote station’s
said first matrix,

(b3) for comparing said first pair of passwords transmitted from
the remote station to the said passwords located in the
controlling computer’s said first matrix at corners of said
rectangle other than those defined by said transmitted first
pair of said passwords,

(b4) for granting access if said compared passwords are a match,
and

(b5) for denying access if said compared passwords are not a
match.

2. The improvement to a security access control system of claim
1 wherein said access logic means additionally includes:

(a) means for marking ones of said passwords within the
associated said first matrix employed for any purpose as “used”;
and,

(b) means for not choosing a said password marked as used for
transmission to the remote station.

3. The improvement to a security access control system of claim
1 and additionally comprising:

(a) a pair of matching second matrices of passwords located at
the controlling computer and the remote station, respectively,
each said second matrix of passwords comprising a plurality of
individually unique symbols arranged in rows and columns to
define a second virtual plane; and wherein said access logic
means additionally includes,

(b) secondary checking means disposed before said means for
granting access if said compared passwords are a match,

(b1) for transmitting a second pair of said passwords from its
said second matrix to the remote station, said second pair of
said passwords being chosen from different said columns and rows
whereby they define diagonally opposite corners of a rectangle
in said second virtual plane which is located in a plane of a
parallelepiped containing said compared and matched passwords at
diagonal corners of one side thereof,

(b2) for receiving a second pair of said passwords transmitted
from the remote station as obtained from the remote station’s
said second matrix,

(b3) for comparing said second pair of passwords transmitted
from the remote station to the said passwords located in the
controlling computer’s said second matrix at corners of said
rectangle other than those defined by said transmitted second
pair of said passwords,

(b4) for granting access if said compared second passwords are a
match, and

(b5) for denying access if said compared second passwords are
not a match.

4. The improvement to a security access control system of claim
3 wherein said access logic means additionally includes:

(a) means for marking ones of said passwords within the
associated said second matrix employed for any purpose as
“used”; and,

(b) means for not choosing a said password marked as used for
transmission to the remote station.

5. The improvement to a security access control system of claim
1 and additionally comprising:

(a) a pair of matching second matrices of passwords located at
the controlling computer and the remote station, respectively,
each said second matrix of passwords comprising a plurality of
individually unique symbols arranged in rows and columns to
define a second virtual plane;

(b) the remote station including query logic for transmitting a
query pair of said passwords from its said first matrix to the
controlling computer to initiate an access attempt, said query
pair of said passwords being chosen from different said columns
and rows whereby they define diagonally opposite corners of a
rectangle in said first virtual plane; and wherein said access
logic means additionally includes,

(c) preliminary checking logic disposed before said means for
transmitting a first pair of said passwords the remote station,

(c1) for receiving said query pair of said passwords transmitted
from the remote station,

(c2) for using said query pair of passwords transmitted from the
remote station to find the said passwords located in the
controlling computer’s said first matrix at two corners of said
rectangle other than those defined by said transmitted query
pair of said passwords,

(c2) for transmitting said passwords from said two other corners
to the remote station, and wherein additionally,

(d) said first pair of said passwords is chosen from the
controlling computer’s said first matrix, said first pair of
said passwords being chosen from different said columns and rows
whereby they define diagonally opposite corners of a rectangle
in said second virtual plane which is located in a plane of a
parallelepiped containing said four query passwords at corners
of one side thereof.

6. A security access control system comprising: 

(a) controlling computer means for controlling access 
to an object; 

(b) remote station means operably connected to said
controlling computer means for inputting access information
to said controlling computer means;

(c) a pair of matching first matrices of passwords located at
said controlling computer means and the remote station means
respectively, each said first matrix of passwords comprising
a plurality of individually unique symbols arranged in rows
and columns to define a first virtual plane; and,

(d) access logic means located at said controlling computer
means and operably connected to read from and write to its
associated said first matrix of passwords,

(d1) for transmitting a first pair of said passwords from its
said first matrix to said remote station means when said
remote station means attempts to gain access, said first pair
of said passwords being chosen from different said columns
and rows whereby they define diagonally opposite corners of a
rectangle in said first virtual plane,

(d2) for receiving a first pair of said passwords transmitted
from said remote station means as obtained from said remote
station means’ said first matrix,

(d3) for comparing said first pair of passwords transmitted
from said remote station means to the said passwords located
in said controlling computer means’ said first matrix at
corners of said rectangle other than those defined by said
transmitted first pair of said passwords,

(d4) for granting access if said compared passwords 
are a match, and 

(d5) for denying access if said compared passwords 
are not a match. 

7. The security access control system of claim 6 
wherein said access logic means additionally includes: 

(a) means for marking ones of said passwords within 
the associated said first matrix employed for any 
purpose as “used”; and, 

(b) means for not choosing a said password marked as 
used for transmission to said remote station means. 

8. The security access control system of claim 6 and 
additionally comprising: 

(a) a pair of matching second matrices of passwords 
located at said controlling computer means and 
said remote station means, respectively, each said 
matrix of passwords comprising a plurality of indi- 
vidually unique symbols arranged in rows and col- 
umns to define a second virtual plane; and wherein 
said access logic means additionally includes, 

(b) secondary checking means disposed before said 
means for granting access if said compared pass- 
words are a match, 

(b1) for transmitting a second pair of said passwords from
its said second matrix to said remote station means, said
second pair of said passwords being chosen from different
said columns and rows whereby they define diagonally opposite
corners of a rectangle in said second virtual plane which is
located in a plane of a parallelepiped containing said
compared and matched passwords at diagonal corners of one
side thereof,

(b2) for receiving a second pair of said passwords
transmitted from said remote station means as obtained from
said remote station means’ said second matrix,

(b3) for comparing said second pair of passwords transmitted
from said remote station means to the said passwords located
in said controlling computer means’ said second matrix at
corners of said rectangle other than those defined by said
transmitted second pair of said passwords,

(b4) for granting access if said compared second 
passwords are a match, and 
(b5) for denying access if said compared second 
passwords are not a match. 



9. The security access control system of claim 8 
wherein said access logic means additionally includes: 

(a) means for marking ones of said passwords within the
associated said second matrix employed for any purpose as
“used”; and,

(b) means for not choosing a said password marked as 
used for transmission to said remote station means. 

10. The security access control system of claim 6 and 
additionally comprising: 

(a) a pair of matching second matrices of passwords located
at said controlling computer means and said remote station
means, respectively, each said second matrix of passwords
comprising a plurality of individually unique symbols
arranged in rows and columns to define a second virtual
plane;

(b) said remote station means including query logic for
transmitting a query pair of said passwords from its said
first matrix to said controlling computer means to initiate
an access attempt, said query pair of said passwords being
chosen from different said columns and rows whereby they
define diagonally opposite corners of a rectangle in said
first virtual plane; and wherein said access logic means
additionally includes,

(c) preliminary checking logic disposed before said means for
transmitting a first pair of said passwords to said remote
station means,

(c1) for receiving said query pair of said passwords
transmitted from said remote station means,

(c2) for using said query pair of passwords transmitted from
said remote station means to find the said passwords located
in said controlling computer means’ said first matrix at two
corners of said rectangle other than those defined by said
transmitted query pair of said passwords,

(c2) for transmitting said passwords from said two other
corners to said remote station means, and wherein
additionally,

(d) said first pair of said passwords is chosen from said
controlling computer means’ said first matrix, said first
pair of said passwords being chosen from different said
columns and rows whereby they define diagonally opposite
corners of a rectangle in said second virtual plane which is
located in a plane of a parallelepiped containing said four
query passwords at corners of one side thereof.

11. In a security access control system wherein a user at a
remote station requires approval from a controlling computer
to gain access, the method of operation to improve the
system’s ability to defeat unauthorized access by
eavesdroppers and the like comprising the steps of:

(a) providing a pair of matching first matrices of passwords
at the controlling computer and the remote station,
respectively, each first matrix of passwords comprising a
plurality of individually unique symbols arranged in rows and
columns to define a first virtual plane;

(b) providing access logic means at the controlling computer
and operably connected to read from and write to its
associated first matrix of passwords;

(c) transmitting a first pair of passwords from the
controlling computer’s first matrix to the remote station
when the remote station attempts to gain access wherein the
first pair of the passwords is chosen from different columns
and rows whereby they define diagonally opposite corners of a
rectangle in the first virtual plane.
(d) receiving a first pair of the passwords transmitted from
the remote station as obtained from the remote station’s
first matrix,

(e) comparing the first pair of passwords transmitted from
the remote station to the passwords located in the
controlling computer’s first matrix at corners of the
rectangle other than those defined by the transmitted first
pair of passwords;

(f) granting access if the compared passwords are a match;
and,

(g) denying access if the compared passwords are not a match.

12. The method of claim 11 and additionally includ- 
ing the steps of: 

(a) marking ones of the passwords within the associated first
matrix employed for any purpose as “used”; and,

(b) not choosing a password marked as used for trans- 
mission to the remote station. 
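
The method of claims 11 and 12 can be traced in a short Python sketch. This is an added example, not code from the patent: the names `Controller`, `station_response`, `other_corners` and `make_matrix` are hypothetical, and it assumes the response is sent in the order (row of first challenge password, column of second), then the reverse, that the answer corners must also be unused when a challenge is chosen, and that the answer cells are marked used even when the comparison fails.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def make_matrix(rows, cols, length=4):
    """Constructed sample data: rows x cols individually unique passwords."""
    cells = set()
    while len(cells) < rows * cols:
        cells.add("".join(secrets.choice(ALPHABET) for _ in range(length)))
    cells = list(cells)
    return [cells[r * cols:(r + 1) * cols] for r in range(rows)]

def other_corners(a, b):
    """Cells completing the rectangle whose diagonal runs from a to b."""
    return (a[0], b[1]), (b[0], a[1])

class Controller:
    def __init__(self, matrix):
        self.m = matrix
        self.used = set()     # cells employed for any purpose (claim 12)
        self.pending = None   # diagonal cells of the outstanding challenge

    def challenge(self):
        """Step (c): send two unused passwords from different rows and columns."""
        size = [(r, c) for r in range(len(self.m)) for c in range(len(self.m[0]))]
        free = [p for p in size if p not in self.used]
        pairs = [(a, b) for a in free for b in free
                 if a[0] != b[0] and a[1] != b[1]
                 and not self.used.intersection(other_corners(a, b))]
        if not pairs:
            raise RuntimeError("matrix exhausted: a fresh matrix is needed")
        a, b = secrets.choice(pairs)
        self.pending = (a, b)
        self.used.update((a, b))      # transmitted passwords are never sent again
        return self.m[a[0]][a[1]], self.m[b[0]][b[1]]

    def verify(self, response):
        """Steps (d)-(g): compare the reply with the two remaining corners."""
        if self.pending is None:
            return False
        corners = other_corners(*self.pending)
        self.pending = None           # one attempt per challenge
        self.used.update(corners)     # assumption: burn answer cells on failure too
        if len(response) != 2:
            return False
        expected = [self.m[r][c] for r, c in corners]
        return all([hmac.compare_digest(x.encode(), str(y).encode())
                    for x, y in zip(expected, response)])

def station_response(matrix, challenge):
    """Remote station: locate both challenge passwords, return the other corners."""
    pos = {pw: (r, c) for r, row in enumerate(matrix) for c, pw in enumerate(row)}
    a, b = pos[challenge[0]], pos[challenge[1]]
    return tuple(matrix[r][c] for r, c in other_corners(a, b))
```

Each successful or failed attempt consumes four cells, so a matrix of R rows and C columns supports at most R×C/4 access attempts before both sides need a new one.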

13. The method of claim 11 and additionally comprising the
steps of:

(a) providing a pair of matching second matrices of passwords
at the controlling computer and the remote station,
respectively, wherein each second matrix of passwords
comprises a plurality of individually unique symbols arranged
in rows and columns to define a second virtual plane; and
wherein before the granting of access if the compared
passwords are a match there are the steps of,

(b) transmitting a second pair of passwords from the
controlling computer’s second matrix to the remote station
wherein the second pair of passwords is chosen from different
columns and rows whereby they define diagonally opposite
corners of a rectangle in second virtual plane which is
located in a plane of a parallelepiped containing the
compared and matched passwords at diagonal corners of one
side thereof;

(c) receiving a second pair of passwords transmitted from the
remote station’s second matrix;

(d) comparing the second pair of passwords transmitted from
the remote station to the passwords located in the
controlling computer’s second matrix at corners of the
rectangle other than those defined by the transmitted second
pair of passwords;

(e) granting access if the compared second passwords 
are a match; and, 

(f) denying access if the compared second passwords 
are not a match. 

14. The method of claim 13 and additionally including the
steps of:

(a) marking ones of the passwords within the associated
second matrix employed for any purpose as “used”; and,

(b) not choosing a password marked as used for transmission
to the remote station.

15. The method of claim 11 and additionally compris- 
ing the steps of: 

(a) providing a pair of matching second matrices of passwords
at the controlling computer and the remote station,
respectively, each second matrix of passwords comprising a
plurality of individually unique symbols arranged in rows and
columns to define a second virtual plane;

(b) transmitting a query pair of the passwords from the
remote station’s first matrix to the controlling computer to
initiate an access attempt wherein the query pair of the
passwords is chosen from different columns and rows whereby
they define diagonally opposite corners of a rectangle in the
first virtual plane; and wherein before transmitting a first
pair of the passwords to the remote station there are the
steps of,

(c) receiving the query pair of passwords transmitted 
from the remote station; 

(d) using the query pair of passwords transmitted from the
remote station to find the passwords located in the
controlling computer’s first matrix at two corners of the
rectangle other than those defined by the transmitted query
pair of passwords;

(e) transmitting the passwords from the two other corners to
the remote station; and,

(f) choosing the first pair of the passwords from the
controlling computer’s first matrix from different columns
and rows whereby they define diagonally opposite corners of a
rectangle in second virtual plane which is located in a plane
of a parallelepiped containing the four query passwords at
corners of one side thereof.

16. A security access control system comprising: 

(a) controlling computer means for controlling access 
to an object; 

(b) remote station means operably connected to said
controlling computer means for inputting access information
to said controlling computer means;

(c) a pair of matching first matrices of passwords located at
said controlling computer means and the remote station means,
respectively, each said first matrix of passwords comprising
a plurality of individually unique symbols arranged in rows
and columns to define a first virtual plane; and,

(d) access logic means located at said controlling computer
means and operably connected to read from and write to its
associated said first matrix of passwords for transmitting
portions of rectangularly oriented data in its said first
matrix of passwords to said remote station means, for
comparing non-transmitted portions of said rectangularly
oriented data in its said first matrix of passwords to data
transmitted to said controlling computer means by said remote
station means from its associated said first matrix means and
for granting access when said data from said remote station
means properly matches said non-transmitted portions, said
access logic means including logic for performing the steps
of,

(d1) transmitting a first pair of said passwords from said
controlling computer means’ said first matrix to said remote
station means when said remote station means attempts to gain
access, said first pair of said passwords being chosen from
different said columns and rows whereby they define
diagonally opposite corners of a rectangle in said first
virtual plane,

(d2) receiving a first pair of said passwords trans- 
mitted from said remote station means as ob- 
tained from said remote station means’ said first 
matrix, 

(d3) comparing said first pair of passwords transmitted from
said remote station means to the said passwords located in
said controlling computer means’ said first matrix at corners
of said rectangle other than those defined by said
transmitted first pair of said passwords,

(d4) granting access if said compared passwords are a match,
and

(d5) denying access if said compared passwords are not a
match.

17. The security access control system of claim 16 wherein
said access logic means additionally includes logic for
performing the steps of:

(a) marking ones of said passwords within the associ- 
ated said first matrix employed for any purpose as 
“used”; and, 

(b) not choosing a said password marked as used for 
transmission to said remote station means. 

18. The security access control system of claim 16 
and additionally comprising: 

(a) a pair of matching second matrices of passwords 
located at said controlling computer means and 
said remote station means, respectively, each said 
second matrix of passwords comprising a plurality 
of individually unique symbols arranged in rows 
and columns to define a second virtual plane; and 
wherein said access logic means additionally in- 
cludes logic for before granting access if said com- 
pared passwords are a match including the steps of, 

(b) transmitting a second pair of said passwords from the
controlling computer means’ said second matrix to said remote
station means, said second pair of said passwords being
chosen from different said columns and rows whereby they
define diagonally opposite corners of a rectangle in said
second virtual plane which is located in a plane of a
parallelepiped containing said compared and matched passwords
at diagonal corners of one side thereof;

(c) receiving a second pair of said passwords trans- 
mitted from said remote station means as obtained 
from said remote station means’ said second matrix; 

(d) comparing said second pair of passwords transmitted from
said remote station means to the said passwords located in
said controlling computer means’ said second matrix at
corners of said rectangle other than those defined by said
transmitted second pair of said passwords;

(e) granting access if said compared second pass- 
words are a match; and, 

(f) denying access if said compared second passwords 
are not a match. 

19. The security access control system of claim 16 wherein
said access logic means additionally includes logic for
performing the steps of:

(a) marking ones of said passwords within the associ- 
ated said second matrix employed for any purpose 
as “used”; and, 

(b) not choosing a said password marked as used for 
transmission to said remote station means. 

20. The security access control system of claim 16 
and additionally comprising: 

(a) a pair of matching second matrices of passwords 
located at said controlling computer means and 
said remote station means, respectively, each said 
second matrix of passwords comprising a plurality 
of individually unique symbols arranged in rows 
and columns to define a second virtual plane; 

(b) said remote station means including query logic for
transmitting a query pair of said passwords from its said
first matrix to said controlling computer means to initiate
an access attempt, said query pair of said passwords being
chosen from different said columns and rows whereby they
define diagonally opposite corners of a rectangle in said
first virtual plane; and wherein said access logic means
additionally includes logic for before transmitting a first
pair of said passwords to said remote station means including
the steps of,

(c) receiving said query pair of said passwords trans- 
mitted from said remote station means; 

(d) using said query pair of passwords transmitted from said
remote station means to find the said passwords located in
said controlling computer means’ said first matrix at two
corners of said rectangle other than those defined by said
transmitted query pair of said passwords;

(e) transmitting said passwords from said two other corners
to said remote station means; and,

(f) choosing said first pair of said passwords from said
controlling computer means’ said first matrix from different
said columns and rows whereby they define diagonally opposite
corners of a rectangle in said second virtual plane which is
located in a plane of a parallelepiped containing said four
query passwords at corners of one side thereof.